Today Shipfox ships a Docker provisioner. The provisioner core is
provider-agnostic, so other backends (Kubernetes, cloud VMs) can follow — those
are roadmap.
How it works
The provisioner runs a continuous control loop against the Shipfox API:Advertise capacity
For each template it can start, the provisioner reports free slots
(
max_concurrency minus what’s already running).Poll for demand
It long-polls the API. When jobs are waiting for labels a template provides, the
API grants reservations.
Mint ephemeral tokens
For each reservation, the provisioner mints a single-use ephemeral
registration token (
sf_ert_…, distinct from the long-lived sf_mrt_…
manual token) that the new runner uses to register once.Launch and reconcile
It starts a container per reservation, injecting the API URL, the ephemeral
token, and the template’s labels. It reports each container’s lifecycle and
reconciles against Docker on startup, reaping containers that never registered.
If Docker is unreachable it advertises zero capacity and backs off rather than
double-launching.
Templates
A template maps a label set to the container that provides it. Templates live in a YAML file the provisioner loads at startup:Configuration
The Docker provisioner is a standalone app (@shipfox/provisioner-docker)
configured through environment variables:
| Variable | Required | Purpose |
|---|---|---|
SHIPFOX_API_URL | yes | Shipfox API base URL |
SHIPFOX_PROVISIONER_TOKEN | yes | Long-lived token that authenticates the provisioner |
SHIPFOX_PROVISIONER_TEMPLATES_FILE | yes | Path to the templates YAML |
SHIPFOX_RUNNER_API_URL | no | API URL injected into runner containers, if they reach the API on a different host |
SHIPFOX_PROVISIONER_DOCKER_HOST | no | Docker daemon socket or host (defaults to the local socket) |
SHIPFOX_PROVISIONER_DOCKER_NETWORK | no | Docker network to attach runners to |
SHIPFOX_PROVISIONER_DOCKER_EXTRA_HOSTS | no | Extra host mappings (e.g. host.docker.internal:host-gateway) |
SHIPFOX_PROVISIONER_TOKEN) on Settings → Runner
Provisioners in the dashboard — the value is shown once, and you can revoke it
there.
Poll intervals, reservation limits, token batch size, and the registration deadline
have sensible defaults and can be tuned with additional SHIPFOX_PROVISIONER_*
variables.
Deploying it
Run the provisioner as a long-lived process next to a Docker daemon it can control:Related pages
Runners
Manually started runners, labels, and registration.
Installation
Standing up the API, storage, and your first runner.